On Fri, 15 Sep 2000, Benjamin Scott <[EMAIL PROTECTED]> wrote:
> 
>   Doesn't seem too likely, since this would require more horsepower in the
> head-end equipment,

Oh I don't know. It should likely be done in hardware at the head-end
as it is done in the cable modem in the cable modem's chip(s).

I imagine (over time at least) the cost difference between:

        DOCSIS compliant head-end equipment
and
        DOCSIS compliant head-end equipment except for the 
                Baseline Privacy component of DOCSIS
could be pretty small.

> and it would likely increase their support costs, too.

THIS is the reason they don't do it. I doubt customers even realize
this is even possible or is an issue.


> Meanwhile, the Internet is still an inherently insecure network, so they
> really wouldn't be accomplishing much anyway.

It is true that if you *really* need privacy for certain communications
you better do it end-to-end (PGP, SSL, ssh, etc...)

HOWEVER, I think the "insecure local subnet" warrants some special attention
at least from the "annoyance" angle. And from the fact (belief?) that it
is easier to compromise leaf nodes on subnets than routers and servers
on nets closer to the backbone.

At work, in general, we usually think of peers on our subnet as more or
less "trusted" (I understand there are exceptions to this), but in the
ISP case a customer wants nothing to do with their peers and really
wants things as though the peers (aka potential jerks) did not exist.

Imagine if, with a local dialup ISP, some bozo dialing into the same
modem pool as you could PASSIVELY read all of your packets (in the
comfort of his own home). Not particularly desirable. However, for him
to do that he would need to wiretap your lines or hack into the ISP's
server.

A similar thing applies to DSL, although I know less about it. I
imagine the DSL lines cannot be passively snooped by neighbors in the
comfort of their own homes.

I actually (and sadly) believe the Cable Modem DOCSIS/Baseline Privacy
spec is more of a "Marketing Thing" than anything else. That is to say,
the Cable modem industry wants to hedge against dialup and DSL ISPs
saying "Don't use Cable Modem, it's a shared medium. That neighbor you
hate can read undetected all your email, web traffic, and steal your
POP password!".

It would be nice if Mediaone turned on DOCSIS encryption just for
tidiness' sake and so one could rule out subnet sniffing. But I agree
with Ben that this is far from the whole story and you had best use
end-to-end encryption if you really need privacy.

Karl



